Our core value is simple: Your Data Stays Yours. We don't sell your data. We don't run ads. We earn our revenue from software licenses — nothing else.
This Privacy Policy explains what information Ashulabs ("we", "us", "our") collects when you use our website (ashulabs.com) and products, how we use it, and what choices you have. We've written this in plain English because we believe you shouldn't need a lawyer to understand how your data is handled.
1. Information We Collect
Account Information
When you sign up for any of our products, we collect basic details to create and manage your account:
Name, email address, and phone number
Organisation or business name
Billing address (if applicable)
Product-Specific Data
The data stored within each product depends on how you use it:
Healthcare Management System (HMS): Patient records, appointment schedules, billing data, and clinical notes — entered and managed by your facility's staff.
School ERP (MSLS): Student profiles, attendance records, fee details, timetables, and academic data — entered and managed by your school's administrators and teachers.
Retail POS: Product inventory, sales transactions, customer purchase history, and staff information — entered and managed by your business.
Website Design Services: Project requirements, brand assets, content, and communication history you share with us during the design process.
Usage Data
We automatically collect limited technical data when you interact with our products:
Pages visited and features used
Browser type, device type, and operating system
IP address and approximate location (country/city level)
Error logs and performance metrics
Payment Information
When you purchase a license or subscription, your payment is processed by a third-party payment gateway. We do not store your full credit/debit card number, CVV, or bank account details on our servers. We only retain a transaction reference and billing summary for our records.
2. How We Use Your Information
We use the information we collect for the following purposes:
Service Delivery: To set up your account, run your chosen product, and provide the features you signed up for.
Communication: To send you important updates about your account, respond to support requests, and notify you of service changes. We won't spam you with marketing emails unless you opt in.
Product Improvement: To understand how our products are used, fix bugs, and build better features. We use aggregated, anonymised usage data for this — not your personal or business data.
Security: To detect and prevent fraud, abuse, and unauthorised access.
Legal Obligations: To comply with applicable laws and regulations, if required.
3. Data Storage & Security
Your data is hosted on secure infrastructure located in India. We take the following measures to protect it:
All data is encrypted in transit (TLS/SSL) and at rest.
Access to production systems is restricted to authorised personnel only, with multi-factor authentication.
We perform regular backups and have disaster recovery procedures in place.
We conduct periodic security reviews and apply patches promptly.
No system is 100% immune to threats. If we ever discover a data breach that affects your information, we will notify you as soon as reasonably possible.
4. Data Sharing
We do not sell, rent, or trade your personal data to anyone. Period.
We only share data with third parties in these limited situations:
Payment Processors: To process your payments securely (e.g., Razorpay or similar gateways).
Essential Service Providers: Infrastructure and hosting providers that help us run our services. These providers are bound by confidentiality agreements and only process data on our behalf.
Legal Requirements: If required by law, court order, or government authority, we may disclose data. We will notify you if legally permitted to do so.
We do not use advertising networks, data brokers, or any third-party tracking that profiles you for ad targeting.
5. Healthcare Data
We understand that healthcare data is among the most sensitive information there is. Here is how we handle it:
Patient data entered into our Healthcare Management System (HMS) is stored on a per-facility basis. Each facility's data is logically separated.
We do not access, view, or analyse patient data unless you explicitly grant us permission — for example, to resolve a technical support issue you've reported.
Your patient data belongs to your facility. We are a technology provider, not a healthcare provider. We do not use patient data for research, analytics, marketing, or any purpose beyond running the software for you.
If you choose to stop using HMS, you can export all your data before account closure.
6. Student Data
Schools trust us with information about their students, and we take that responsibility seriously:
All student and school data entered into our School ERP (MSLS) belongs to the school. We don't own it, and we don't use it.
We do not mine, analyse, or repurpose student data for any reason outside of delivering the MSLS service to your school.
Access to school data within our systems is strictly limited and logged.
Schools can export their data at any time and request deletion upon termination of their account.
7. Cookies
We keep cookie usage to a minimum. Here is what we use:
Session Cookies: These keep you logged in while you use our products. They expire when you close your browser or after a set period of inactivity.
Analytics Cookies: We use basic analytics to understand overall traffic patterns (e.g., which pages are visited most). This data is aggregated and does not personally identify you.
We do not use third-party advertising cookies or cross-site tracking cookies.
8. Your Rights
You have the following rights regarding your data:
Access: You can request a copy of the personal data we hold about you.
Correction: You can ask us to correct any inaccurate information.
Deletion: You can request that we delete your account and associated personal data. We will comply unless we are legally required to retain certain records.
Data Export: You can export your data from our products in standard formats at any time.
Withdraw Consent: If you previously opted in to marketing communications, you can opt out at any time.
To exercise any of these rights, email us at support@ashulabs.com. We will respond within 30 days.
9. Data Retention
We retain your data only for as long as it is needed:
Active accounts: Your data is retained for as long as your account is active and you are using our services.
Closed accounts: After you close your account, we delete your personal data within 90 days, unless we need to retain certain records for legal, tax, or audit purposes.
Backups: Residual copies in encrypted backups are overwritten on a rolling cycle and are not used for any active purpose.
Usage logs: Anonymised usage data may be retained indefinitely for product improvement, but it cannot be linked back to you.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we make significant changes, we will:
Update the "Last updated" date at the top of this page.
Notify you by email or through a notice in our products, if the changes are material.
We encourage you to review this page periodically. Your continued use of our services after changes are posted means you accept the updated policy.
11. Contact Us
If you have any questions, concerns, or requests about this Privacy Policy or how we handle your data, reach out to us:
We are a small team without a sprawling legal department, so if something in this policy is unclear or you think we can do better, just tell us. We'd rather have an honest conversation than hide behind fine print.